6ac00b855fea6ca9b475c37a0d10418e6d18331c7b2cb615fd9fa2218a9b1f5b | Triage

Sharing

General

Target

40ac1cd24cadd86f91ef6545ad820a55_JaffaCakes118
Size

340KB
Sample

240713-hx5cyatamh
MD5

40ac1cd24cadd86f91ef6545ad820a55
SHA1

9b9f6638ed53bb5d3df4060527343eb0ccf0859f
SHA256

6ac00b855fea6ca9b475c37a0d10418e6d18331c7b2cb615fd9fa2218a9b1f5b
SHA512

bb6b108d0eb569ab59edb9524d60f5f4f3e297d2ef21784eb0770937d6ba4fb5dca38da5ab8986b1969b0ae6152aace0d4f987c408e25912fde559017ce314d1
SSDEEP

6144:9tOdKF7Yta2UM5IxXF/tIKAL7iFE7sNBo+aa9R3HJxvkSuM4PydZAx+q:e1tUM5aV/oLOVfhaa9ZpVSx+q

Score

10^/10

evasion persistence trojan

Malware Config

Targets

- Target
  
  40ac1cd24cadd86f91ef6545ad820a55_JaffaCakes118
- Size
  
  340KB
- MD5
  
  40ac1cd24cadd86f91ef6545ad820a55
- SHA1
  
  9b9f6638ed53bb5d3df4060527343eb0ccf0859f
- SHA256
  
  6ac00b855fea6ca9b475c37a0d10418e6d18331c7b2cb615fd9fa2218a9b1f5b
- SHA512
  
  bb6b108d0eb569ab59edb9524d60f5f4f3e297d2ef21784eb0770937d6ba4fb5dca38da5ab8986b1969b0ae6152aace0d4f987c408e25912fde559017ce314d1
- SSDEEP
  
  6144:9tOdKF7Yta2UM5IxXF/tIKAL7iFE7sNBo+aa9R3HJxvkSuM4PydZAx+q:e1tUM5aV/oLOVfhaa9ZpVSx+q
Score

10^/10

evasion persistence trojan
- Windows security bypass
  evasion trojan
- Disables taskbar notifications via registry modification
  evasion
- Deletes itself
- Executes dropped EXE
- Loads dropped DLL
- Windows security modification
  evasion trojan
- Adds Run key to start application
  persistence
behavioral1 behavioral2

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Privilege Escalation

Boot or Logon Autostart Execution

Registry Run Keys / Startup Folder

Defense Evasion

Impair Defenses

Disable or Modify Tools

Modify Registry

Credential Access

Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Tasks

static1

behavioral1

evasionpersistencetrojan

behavioral2